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DETAILED ACTION 

1 . Claims 1 - 1 3 are presented for examination. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on 10/08/2004 has been 
considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form 
PTO-1449 is signed and attached hereto. 

Priority 

3 . Acknowledgment is made of applicant's claim for foreign priority under 35 
U.S.C. 1 19(a)-(d). The certified copy has been filed in parent Application No. 105 10606, 
filed on 10/08/2004. 

Oath/Declaration 

4. The oath filed on 05/19/2005 complies with all the requirements set forth in 
MPEP 602 and therefore is accepted. 

Drawings 

5. The drawings filed on 10/08/2004 are accepted. 

Specification 

6. The abstract of the disclosure is objected to because the abstract lack proper 
language and format. 

The form and legal phraseology often used in patent claims, such as "means" 
and "said," should be avoided. The abstract should describe the disclosure sufficiently to 
assist readers in deciding whether there is a need for consulting the full patent text for 
details. 
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7. The disclosure is objected to because it contains an embedded hyperlink (page 6, 
lines 14 and 19) and/or other form of browser-executable code. Applicant is required to 
delete the embedded hyperlink and/or other form of browser-executable code. See MPEP 
§ 608.01. 

Claim Objections 

8. Claim 5 is objected to because: in line 15 applicant missed out to cancel "(H)". 
Appropriate correction is required. 

9. Claims 1 and 5 are objected to because in line 6 wherein "the steps" should be 
changed to "steps" for proper antecedent basis. 

Claim Rejections - 35 USC §103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the maimer in which the invention was made. 

1 1 . Claims 1-3, 5, 7-8, 10, and 12-13 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Menezes "Handbook of applied cryptography" in view of Haumont 
USPN 6763112 Bl. 

Regarding claim 1, Menezes discloses a method for verifying that data received by a 
receiver (pp 401 sec. 10.16; data integrity/authentication ... and receiver (B)) have been 
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sent by a transmitter {sender/claimant (A)) authorized by a trusted third party (pp 400 sec. 
10.3.2 lines 1-7; trusted on-line server), the transmitter and the receiver being connected 
to a digital network (pp 400 sec. 10.3.2 lines 1-7 and pp 401 sec. 10.16 lines 1-27), 
wherein an identifier is associated with the data sent by the transmitter (pp 401 sec. 10.16 
lines 7-page 402 lines 8; B checking the identifier in equation (2) is its own... random 
number rB is based on B's identity... same for A i.e. rA is based on A 's identity) and in 
that the method comprises the steps consisting, for the receiver, in: 

(a) generating a random number (pp 401 sec. 10.16 lines 7-24; random number is 
generated... r A, rB); 

(b) broadcasting said random number over the network (pp 401 sec. 10.16 line 24; 

equation (1) and/or rB is transmitted to A); 

(c) receiving from the fransmitter a response computed by applying a first 
fimction to said random number and to said identifier (pp 401 sec. 10.16 line 25; equation 
(2) and/or Ek(rB.B*)); and 

(d) verifying the received response by applying a second function to the received 
response, to said random number and to said identifier (pp 401 sec. 10.16 lines 9-31; B 
decrypts Ek(rB,B*) using decryption algorithm Ek and checks/verifies the integrity and 
identity using random number sent). 

Menezes discloses the trusted on-line server providing common session key (see 
pp 400 sec. 10.3.2 lines 3-7 to A and B) and algorithm Ek that denotes symmetric 
encryption algorithm with a key K is shared by A and B see pp 40 1 sec. 10.16 lines 9-11, 
and the algorithm Ek is used in A and B for security and/or verification (see pp 401 sec. 
1016 lines 1-27). 
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However Menezes fails to explicitly disclose the Ek being transmitted to A and B 
from the trusted on-line server. 

Haumont discloses a method of trusted third party (CN) transmitting UMTS 
Integrity Algorithm (UIA) and UMTS Encryption Algorithm (UEA) to mobile station 
(MS) or radio network controller (RNC) (col. 5 lines 65-col. 6 lines 2), via distributed 
network (see fig. 1 and col. 4 lines 46-65), for proper challenge response authentication 
integrity result (see col. 5 lines 4-32 and fig. 2) and integrity is verified by transmitting 
challenge/random from CN to MS, in response to the received challenge the MS applying 
algorithm to produce a result, transmitting the generated result to CN and acknowledging 
the RNC (see col. 6 lines 3-24 and fig. 4 and fig. 2). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to modify the teachings of Haumont within the system of 
Menezes because they are analogous in challenge response integrity authentication. One 
would have been motivated to incorporate the teachings to properly perform integrity 
authentication using the trusted algorithm. 

Regarding claim 5, Menezes discloses a method for proving that data sent to a receiver 
(pp 401 sec. 10.16; data integrity/authentication ... and receiver (B)) have been 
fransmitted by a fransmitter {sender /claimant (A)) authorized by a trusted third party (pp 
400 sec. 10.3.2 lines 1-7; trusted on-line server), the transmitter and the receiver being 
connected to a digital network (pp 400 sec. 10.3.2 lines 1-7 and pp 401 sec. 10.16 lines 1- 
27), characterized in that wherein an identifier is associated with the data sent by the 
fransmitter (pp 401 sec. 10.16 lines 7-page 402 lines 8; B checking the identifier in 
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equation (2) is its own... random number rB is based on B's identity... same for A i.e. rA 
is based on A 's identity) and in that the method comprises the steps consisting, for the 
transmitter in: 

(a) receiving a random number from the receiver (pp 401 sec. 10.16 line 24; 
equation (1) and/or rB is received at A); 

(b) computing a response by applying a first function to said random number and 
to said identifier (pp 401 sec. 10.16 lines 9-31; equation (2) and/or Ek(rB,B*) wherein Ek 
is the encryption algorithm and rB is based on B 's identity); and 

(c) sending said response to the receiver (pp 401 sec. 10.16 line 25; equation (2)); 
said response being likely to be verified by the receiver by applying a second 

function to the received response, to said random number and to said identifier (pp 401 
sec. 10.16 lines 9-31; 5 decrypts Ek(rB,B*) using decryption algorithm Ek and 
checks/verifies the integrity and identity using random number rB sent that is based on 
B 's identity). 

Menezes discloses the trusted on-line server providing common session key (see 
pp 400 sec. 10.3.2 lines 3-7 to A and B) and algorithm Ek that denotes symmetric 
encryption algorithm with a key K is shared by A and B see pp 401 sec. 10.16 lines 9-11, 
and the algorithm Ek is used in A and B for verification (see pp 401 sec. 1016 lines 1-27). 

However Menezes fails to explicitly disclose the Ek being transmitted to A and B 
from the trusted on-line server. 

Haumont discloses a method of trusted third party (CN) transmitting UMTS 
Integrity Algorithm (UIA) and UMTS Encryption Algorithm (UEA) to mobile station 
(MS) or radio network controller (RNC) (col. 5 lines 65-col. 6 lines 2), via distributed 
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network (see fig. 1 and col. 4 lines 46-65), for proper challenge response authentication 
integrity result (see col. 5 lines 4-32 and fig. 2) and integrity is verified by transmitting 
challenge/random from CN to MS, in response to the received challenge the MS applying 
algorithm to produce a result, transmitting the generated result to CN and acknowledging 
the RNC (see col. 6 lines 3-24 and fig. 4 and fig. 2). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to modify the teachings of Haumont within the system of 
Menezes because they are analogous in challenge response integrity authentication. One 
would have been motivated to incorporate the teachings to properly perform integrity 
authentication using the trusted algorithm. 

Regarding claim 2, Menezes discloses the method in which the step (b) is replaced by a 
step consisting in sending said random number to the transmitter (pp 401 sec. 10.16 line 
24-pp 402 line 8; rB). 

Regarding claim 3, Menezes discloses the method in which the receiver also transmits 
said identifier in the step (b) (pp 401 sec. 10.16 lines 1 1-pp 402 sec. 10.17 (ii); rA and rB 
are exchanged between A and B). 

Regarding claim 7, Menezes discloses the method wherein the identifier associated with 
the data sent by the transmitter is a random number generated by the initial transmitter of 
the data in the network and attached to said data by the initial transmitter (pp 401 sec. 
10.16 lines 7-page 402 lines 8; B checking the identifier in equation (2) is its own using 
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random number rB... random number rB is based on B's identity... same for A i.e. rA is 
based on A 's identity). 

Regarding claim 8, Menezes discloses the method wherein the first function is a public 
function using a secret key (pp 402 sec. 10.17 lines 9-34; hk is a one-way hash function 
that is known to both the sender and receiver and uses a shared key /secret key). 

Regarding claim 10, Menezes discloses the method wherein the first function is a secret 
function (pp 402 lines 1-8; algorithm Ek is used that prevents chosen-text attacks). 

Regarding claim 12, Menezes discloses the method wherein the first function is a public 
function for signature generation with the aid of a private key (pp 404 sec. (ii) lines 1 1 ; 
SA). 

Regarding claim 13, Menezes discloses the method wherein the second function is a 
public function for signature verification with the aid of a public key corresponding to the 
private key used by the first function (pp 404 sec. (ii)-pp 405 lines 18; SA is signature 
algorithm for verification with the aid of public key-private key). 



12. Claims 4, 6, 9 and 1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Menezes "Handbook of applied cryptography" in view of Haumont USPN 6763 112 
Bl. and further in view of Teper et al. USPN 5815665. 
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Regarding claim 4, the combination of Menezes and Haumont discloses all the 

subject matter as discloses above. The combination is silent in details of inhibiting access 
to said data if the response received in the step (c) is not correct or if no response is 
received after the expiry of a predetermined time starting from the transmission of the 
random number. 

However Teper et al. teaches a method for a user to connect to a service provider 
(SP) site and attempt to access an online service and the SP initiating a challenge- 
response authentication that allows an online brokering service to authenticate the user 
for the SP site, SP sending challenge message to the user's computer over the distributed 
network/Intemet, user generating and returning response message that is based on the 
challenge message received and user's identifier/password and the response is 
authenticated for requested access and providing or denying access based on 
authentication result (see col. 9 lines 50-col. 10 lines 65 and col. 3 lines 5-44) that reads 
on a method wherein the receiver inhibits access to said data if the response received in 
the step (c) is not correct. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to combine the teachings of Teper et al. within the 
combination system because they are analogous in challenge response authentication. 
One would have been motivated to combine the teachings to securely provide access to 
authorized and authenticated user. 

Regarding claim 6, the combination discloses the method in which the transmitter 
also receives in the step (a) said identifier associated with the data received by the 
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receiver (see Menezes pp 401 sec. 10.16 lines 7-page 402 lines 8; receiving rA and rB at 
B and A that are based on A 's and B 's identity) and checking/authenticating A's and B's 
identifier in using challenge response message is also described see Menezes sec. 10.16 
on page 401-402. 

The combination is silent in wherein said in which the steps (b) and (c) are not 
carried out unless said identifier received in the step (a) corresponds to the identifier 
associated with the data that the transmitter has just sent. 

However Teper et al. discloses a SP asking an online broker to authenticate a user 
by sending an encrypted pass-through message that includes user's response message, 
that is based on challenge response, and that includes the user's unique ID and the online 
broker looks up database for user's password based on the user's unique ID and 
determines whether the received response message corresponds to the user's password 
and the received challenge, generating correct response fi-om the password and the 
received challenge message using same fiinction used by the user computer and 
compare/authenticate the response message (see col. 10 lines 44-65 and col. 9 lines 50- 
67) that reads on in which the steps (b) and (c) are not carried out unless said identifier 
received in the step (a) corresponds to the identifier associated with the data that the 
transmitter has just sent. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to modify the teaching of Teper et al. within the 
combination system because they are analogous in challenge response authentication. 
One would have been motivated to do so to generate correct response and/or if the 
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identifier does not match the receiver never generates same and authentic response as 
received response. 



Regarding claim 9, the combination of Menezes and Haumont discloses 
authenticating and verifying data using challenge-response by applying to said random 
number and to said identifier the first fimction with the secret key (see Menezes pp 401 
sec. 10.16). The combination is silent in giving details about the method wherein the 
second function is a boolean function computing an expected response and comparing the 
expected response with the response received in order to deliver: a "0" value if the 
expected and received responses are different and a "1" value if the expected and 
received responses are equal. 

However Teper et al. discloses the method wherein the second function is a 
boolean function (see fig. 6 and col. 17 lines col. 18 lines 38) 

computing an expected response (fig. 6 element 102) and 

comparing the expected response with the response received in order to deliver 
(fig. 6 element 104): 

a "0" value if the expected and received responses are different (fig. 6 element 
106; returning "No") and 

a "1" value if the expected and received responses are equal (fig. 6 elements 108- 
114; "yes"). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to modify the teachings of Teper et al. within the 
combination system because they are analogous in generating a challenge response 
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message and comparing the generated response with received for valid authentication. 
One would have been motivated to incorporate to grant/deny access based on the 
verification result. 

Regarding claim 1 1, the combination discloses authenticating and verifying data 
using challenge-response by applying the first fimction to said random number and to 
said identifier (see Menezes pp 401 sec. 10.16). The combination is silent in giving 
details about the method wherein the second function is a boolean function computing an 
expected response and comparing the expected response with the response received in 
order to deliver: a "0" value if the expected and received responses are different and a "1" 
value if the expected and received responses are equal. 

However Teper et al. discloses the method wherein the second function is a 
boolean function (see fig. 6 and col. 17 lines col. 18 lines 38) 

computing an expected response (fig. 6 element 102) and 

comparing the expected response with the response received in order to deliver 
(fig. 6 element 104): 

a "0" value if the expected and received responses are different (fig. 6 element 
106; returning "No") and 

a "1" value if the expected and received responses are equal (fig. 6 elements 108- 
114; "yes"). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to modify the teachings of Teper et al. within the 
combination system because they are analogous in generating a response message and 
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comparing the generated response with received for valid authentication. One would have 
been motivated to incorporate to grant/deny access based on the verification result. 
Conclusion 

1 3 . The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO Form 892. 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ELENI A. SHIFERAW whose telephone number is 
(571)272-3867. The examiner can normally be reached on Mon-Fri 8:00am-5 :00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser R. Moazzami can be reached on (571) 272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571-273- 
8300. 

Information regarding the status of an apphcation may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Elecfronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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